From 78dec35acd3e12a01a037244ce64d0d1b7de4cc4 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Sun, 9 Dec 2012 15:12:14 -0700 Subject: [PATCH] Log on 304 --- CHANGES | 3 +++ README.SSL | 26 ++++++++++++++++++++++++++ eris.c | 1 + test.sh | 3 +++ 4 files changed, 33 insertions(+) create mode 100644 README.SSL diff --git a/CHANGES b/CHANGES index 5e57871..0900fe5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +3.1.4: + Have 304 (Not Modified) responses generate a log entry + 3.1.3: Have directory indexes generate a log entry Remove nop -a option diff --git a/README.SSL b/README.SSL new file mode 100644 index 0000000..8a087c9 --- /dev/null +++ b/README.SSL @@ -0,0 +1,26 @@ +SSL with eris +============= + +Eris does not care what transport is in use: that job is left to the invoking +program (eg. tcpserver). + +Gerrit Pape's `ipsvd` package comes with two programs for running SSL daemons: +`sslsvd` and `sslio`. At the time of this writing, however, Gerrit's `ipsvd` +has no support for IPv6. Busybox `ipsvd`, and `ucspi-tcp-ipv6`, both do +support IPv6. + +Here is how you can support SSL *and* IPv6: + + cd /srv/www + HTTPS=enabled; export HTTPS + exec tcpserver -H -R 0 443 \ + /usr/bin/sslio -u nobody:ssl-cert -U www-data \ + -C /path/to/mydomain.crt -K /path/to/mydomain.key \ + /service/httpd/eris -c + +This uses `tcpserver` to listen for and accept TCP4 and TCP6 connections. +These connections are then handed to `sslio`, which drops permissions to +`nobody:ssl-cert` and starts speaking SSL to `eris` running as `www-data`. + +I like to set the `HTTPS` environment variable also, so CGI can tell whether or +not its connection is secure. diff --git a/eris.c b/eris.c index d5cd6e0..fbd24ac 100644 --- a/eris.c +++ b/eris.c @@ -553,6 +553,7 @@ serve_file(int fd, char *filename, struct stat *st) if (st->st_mtime <= ims) { header(304, "Not Changed"); eoh(); + dolog(304, 0); return; } diff --git a/test.sh b/test.sh index c1b8d7d..f67f80b 100755 --- a/test.sh +++ b/test.sh 
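Review bot: The second argument in the added `dolog(304, 0);` (If-Modified-Since branch of serve_file) is a bare literal with no explanation. From the call it looks like the logged body size, so a comment such as `/* 304 carries no body: log zero bytes */` would make the intent explicit; confirm against dolog's definition, which is not in this hunk. The context line just above sends the reason phrase "Not Changed", while the CHANGES entry in this same patch calls the status "Not Modified"; aligning the two would keep responses, logs and documentation consistent for anyone correlating them later. serve_file starts and ends outside the hunk.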
@@ -175,6 +175,9 @@ printf 'GET / HTTP/1.0\r\nIf-Modified-Since: Sun Feb 27 12:12:12 2030\r\n\r\n' | title "ims persist" printf 'GET / HTTP/1.1\r\nIf-Modified-Since: %s\r\n\r\nGET / HTTP/1.0\r\n\r\n' "$ims" | $HTTPD 2>/dev/null | d | grep -q 'HTTP/1.. 304.*HTTP/1.. 200' && pass || fail +title "Logging" +(printf 'GET / HTTP/1.0\r\nIf-Modified-Since: %s\r\n\r\n' "$ims" | $HTTPD > /dev/null) 2>&1 | grep -q '304' && pass || fail + H "Directory indexing"
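Review bot: The `grep -q '304'` in the new "Logging" test matches those three digits anywhere on stderr, so a timestamp, address or byte count that happens to contain 304 would make the test pass even if the status was never logged. Anchoring the pattern to the status field would pin the behaviour down, for example `grep -q ' 304 '` if the log line separates fields with spaces; the log format is not visible in this hunk, so adjust to match it. The test also relies on `$ims`, which is set outside the hunk.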